Cybersecurity News
New ransomware highlights widespread adoption of Golang language by cyberattackers
The latest version of Go is being used to prevent reverse-engineering attempts.Cobalt Strike Usage Explodes Among Cybercrooks
The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
Rogue driver was distributed within gaming community in China, company says.5G Security Vulnerabilities Fluster Mobile Operators
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).
Attacks Erase Western Digital Network-Attached Storage Drives
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.Request for Comments: PCI DSS v4.0 Draft Validation Documents
From 28 June to 28 July, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a draft of the PCI DSS v4.0 draft validation documents. As indicated in a recent post on the PCI DSS v4.0 timeline, this RFC was added as a unique opportunity for the industry to provide feedback on drafts of the v4.0 Report on Compliance (ROC) Template and the ROC Attestations of Compliance (AOC). This RFC also introduces a new approach to merchant self-assessments, called Merchant Assessment Forms (MAFs), intended to replace Self-Assessment Questionnaires.
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.
New House Bill Aims to Drive Americans' Security Awareness
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.Microsoft Tracks Attack Campaign Against Customer Support Agents
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.Russian Attackers Breach Microsoft Customer Service Accounts
American IT companies and government have been targeted by the Nobelium state-sponsored group.
An Interesting Approach to Cyber Insurance
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
The Danger of Action Bias: Is It Always Better to Act Quickly?
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.Microsoft Signs Malware That Spreads Through Gaming
The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.
Critical CISO Initiatives for the Second Half of 2021
Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.
In Memoriam: John McAfee
What was it like to work for, and be friends with, the larger-than-life technology entrepreneur back when he helped shape the computer security industry?
The post In Memoriam: John McAfee appeared first on WeLiveSecurity
The Role of Encryption in Protecting LGBTQ+ Community Members
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.Buckland: ministerial offices should be swept for hidden cameras – video
The justice secretary has signalled that ministerial security may have been compromised as he called for regular security sweeps for cameras in ministers’ offices after the Matt Hancock scandal. Hancock resigned as health secretary after CCTV footage from his departmental office showing him kissing his senior aide was leaked to the press
Continue reading...Own an old WD My Book Live? Disconnect it from the internet right now
Active attacks are indiscriminately wiping user devices.Hancock CCTV footage: security may have been breached, minister says
Justice secretary Robert Buckland calls for regular sweeps for hidden cameras in government offices
The justice secretary, Robert Buckland, has signalled that ministerial security may have been compromised as he called for regular security sweeps for cameras in ministers’ offices after the Matt Hancock scandal.
Hancock resigned as health secretary on Saturday following the leak of CCTV images from his departmental office showing him kissing his senior aide Gina Coladangelo.
Continue reading...